I work in detection engineering. Wanted to see do other who are working in the same role - do yall ever use python in your role? How important do yall find it related to detection engineering.

I mean like making HTTP requests and parsing response can all be done using codeless tools like logicapps etc and query languages are quite simple as well.

I recently had an interview which i think i wont clear because i didnt ever use python in my work. Not that i never needed to? I could do all of my SOARs using just logicapps / soar platforms / ps scripts / bash scripts. But seems like not knowing how to write python is a big deal? I can Even read python code but not write it, i mean not that i have never needed to in any use case.

Seemed like quite shallow to judge someone just based on programming skills for a detection engineer interview.

My employer wouldn't pay for a CompTIA exam. How are people finding employers to pay multi-thousand dollars for these classes?

Just cause I know it's a bit of a HR checkbox cert.

I have a masters degree in cybersecutity

Have 2.5 years experience in the field

Have done 3 SANs courses

Any use for getting sec+ or nah just skip?

Hi everyone,

Disclosure: I own the project linked below. I’m sharing it because I’m working on the technical side of NIS2 evidence collection, not to pitch services or solicit DMs.

Project context:
https://www.softwareapp-hb.de/projekte.html

The security engineering problem I’m looking at is this:

NIS2 Article 21 requires organizations to address areas like risk management, incident handling, business continuity, supply-chain security, vulnerability handling, access control, asset management, MFA, secure communications, and cyber hygiene. In practice, a lot of “evidence” for these areas still ends up as screenshots, policy PDFs, manual exports, spreadsheets, or consultant-maintained checklists.

That may satisfy some audit workflows, but from a security operations perspective it has obvious weaknesses: evidence goes stale, checks are difficult to reproduce, and there is often a gap between what the policy says and what the infrastructure actually looks like.

I’m building an open-source, self-hostable platform that tries to map NIS2 requirements to concrete technical checks and produce traceable evidence from actual system state. The current design focus is not to replace GRC platforms, legal review, auditors, or an ISMS. The goal is narrower: make certain parts of the evidence layer more repeatable, technical, and defensible.

Examples of evidence areas where this might be useful:

• asset inventory and system classification
• patch/vulnerability state
• account and privilege configuration
• MFA and authentication posture
• backup existence and test evidence
• logging and monitoring configuration
• firewall and network exposure checks
• incident-response process evidence
• technical control mappings to NIS2 Article 21

The hard question is where automation helps and where it becomes misleading.

For example, a system can verify that logging is enabled, but not necessarily that logs are reviewed effectively. A tool can collect patch state, but not decide whether risk acceptance was appropriate. It can validate backup configuration, but not prove that recovery objectives are realistic unless restore tests are captured properly.

For people working in security engineering, SOC, vulnerability management, infrastructure, audit support, or compliance operations:

Where do you think technical automation genuinely improves NIS2 evidence quality?

And where do you think compliance automation creates false confidence?

I’m especially interested in the boundary between measurable technical state and areas that still require human assessment, process maturity, or auditor judgment.

I’m relatively new to cyber security. Our head of security is leaving soon and I’ve been asked to step up. Mostly in regard to performing CE and CE+.

Initially I was tasked to take the CSTM but after the exam last week I’m worried it’s a step too far at this point. Haven’t had the results yet but I struggled.

I’m considering doing the VA+ in the first instance at least so we can keep doing CE+ when my colleague leaves.

Thing is... I can find hardly any resources on how to prepare for it and there don’t seem to be any official courses I can go on.

Can someone who achieved VA+ let me know how they prepared? Maybe there are some courses (in person preferred) but I’m struggling to find anything.

Hope you can help point me in the right direction.

Looks like ShinyHunters wasn't done after all... they've apparently defaced several university/college login websites on May 7 to put pressure on Instructure. They may have succeeded, though, since Instructure is no longer listed on their leak site as of May 8. The current timeline is:

1. April 29 - first incident involving data exfiltration
   
2. May 5 - they posted the list of impacted universities/colleges/districts
   
3. May 7 - second defacement incident
   
4. May 8 - Instructure removed from their leak site

I'd be interesting to know whether Instructure paid, and if they did, how much.

We built gateweb.io - a local SWG with HTTPS inspection that doesn't send your traffic through someone else's cloud. Free for up to 5 users. Curious what the security community thinks about the local-first approach.

Are you able to:

• Detect Shadow AI tools being used by employees?

• Monitor what AI platforms are accessing sensitive data?

• Identify AI policy violations before they become risks?

• Offer AI governance as a managed service?

With AI adoption accelerating, it feels like most MSPs still don’t have clear visibility or control over AI activity inside customer environments.

Curious to know:

Is this already becoming a concern for your clients? And are there any tools today that actually solve this well?

Hey everyone,

I’m planning to take the eCPPT exam in the next 3–4 days and wanted to get some advice from people who’ve already cleared it.

What should I focus on the most during these last few days of preparation? Any common mistakes to avoid or things you wish you knew before attempting the exam?

Also, if you know any Hack The Box or TryHackMe machines/labs that are similar to the exam style, I’d really appreciate the recommendations.

Thanks in advance!

I've been working in cybersecurity for not so long, maybe 8 or 9 years, but I never remember a chaos at this scale. I mean, from this January alone we have: leaking data, compromised applications, breaches, AI-assisted cybercriminals, etc. It looks like every day one major breach is happening, and no one is going to address this shit somehow. This is already insane. I haven't felt such pressure in a long time. This AI shit just makes things worse because it enhances attackers' skills, and AI companies are doing nothing to address or change this. Is it only me, or is the change already here?

Could show a ton of screenshots but this one sums it up https://imgur.com/gallery/canvas-vuln-declared-n-11-months-ago-zYfHnBs

It showed enough PII from everyone in my course that it would have been cake to privilege escalate through even the most rudimentary social engineering.

Here's another screenshot with email replies (two months later) saying insturcture had no control over bootcampspot.instructure.com :: https://imgur.com/a/BnhgXme

So apparently Canvas got hacked by ShinyHunters (3?!) times and is currently completely down. The cybercriminal group said the deadline is on May 12st, and if Instructure doesn't comply, they'll leak the PII of all students and teachers. I'm not a cybersecurity major, and I don't know much about Canvas, but how much will we be affected if no deal is reached? Like, how much information is typically stored on Canvas, and will they be able to figure out more through what is available in the system? I'm genuinely concerned....